cancel
Showing results for 
Search instead for 
Did you mean: 

SSL in Portal just for ESS-MSS App

Former Member
0 Kudos

Hi Everyone,

Is there anyway to use the HTTPS just for ESS -Mss application in SAP Portal EP7 EHP1 or to use the secure connection we should switch Portal to https?

We implement our internal portal (HTTP) , with ESS-MSS connected to SAP ECC, As we are adding more functionality to ESS-MSS looking for more security.

Any Idea?

Thanks,

Accepted Solutions (0)

Answers (3)

Answers (3)

hofmann
Active Contributor
0 Kudos

By default it's all or nothing.

You may install the ESS/MSS BP on another server that is accessed by HTTPS and integrate this server into your portal by the mean of an iFrame or by an external link.

As a workaround you can put a Javascript in the WSS/MSS roles / worksets that checks if the connection is HTTP and switches the protocol to HTTPS (may include a (partial) page refresh). When the user navigates away from the ESS/MSS pages another Javascript switches the protocol back to HTTP.

br,

Tobias

Former Member
0 Kudos

Thanks Guys,

I read somewhere I can make a secure connection between Portal and SAP , Is it possible to do this without turn on HTTPS in Portal, if yes, is there any direction or document you can suggest me to go though?

THanks for your help

hofmann
Active Contributor
0 Kudos

There is rarely ever done a connection between portal and ERP, as the portal normally isn't connecting to the ERP system to retrieve data. That is the job of Web Dynpro, SAPGui, Visual Composer, BSP; and these are running in the browser / desktop of the user.

br,

Tobias

Former Member
0 Kudos

Hi,

True, but the exception is ESS which is JAVA webdynpros running in the portal system and using JCO connections to read data in the ERP system. I may be possible to use snc for these JCO connections ?

Regards,

Olivier

hofmann
Active Contributor
0 Kudos

Olivier,

these WebDynpros run on the AS Java server, so the secure configuration is done at JCo level. For JCo connections issued by the portal the portal application has to open a JCA connection. I believe, there the secure connection is indeed configured in the portal's system landscape.

br,

Tobias

Former Member
0 Kudos

Hi Guys,

Is there any documentation, I can follow to create JCA connections between POrtal and SAP? have you ever heard anybody used JCA connection for ESS-MSS?

Do we need to do programming for JCA connection or is there a way to create a JCA connection instead of JCO connection?

THanks a lot

Edited by: Mar V on Jan 18, 2011 10:58 PM

hofmann
Active Contributor
0 Kudos

JCA will use JCO, but as JCO is a SAP technology to connect to ABAP systems, JCA is the Java standard for connectors. For ESS/MSS you use WebDynpro Java, that will use JCo. You'll have to configure a secure JCo connection between the AS Java and the ABAP system (with SNC). I think you'll have to do this either in the Visual Administrator or in the Web Dynpro Console.

br,

Tobias

Former Member
0 Kudos

THanks for your response, Could you please share any document or any reference that I can follow to make this configuration?

Thanks

hofmann
Active Contributor
0 Kudos

Hi,

Secure JCo (SNC)

http://help.sap.com/saphelp_nw70/helpdata/en/c3/d2281db19ec347a2365fba6ab3b22b/frameset.htm

JCo & SNC:

Blog about security (about Duet, but the basics are the same), also handles HTTPS: http://weblogs.sdn.sap.com/cs/blank/view/wlg/11224

br,

Tobias

Former Member
0 Kudos

Mar,

I dont think securing PORTAL to ECC communication will solve your security issue.

If I am not wrong, your security team should be more concerned with HTTP access to portal exposed to internet.

This must be made HTTPS. Else data sent from user's browser will be plain text and any interceptor can see the entire conversation and it doesnt take much time to compromise your portal.

For such scenarios, SAP strongly recommends using reverse proxy like webdispatcher.

You can do this:

For internet users : Browser(HTTPS) > Webdispatcher(HTTPS) > Portal(HTTP)

Give webdispatcher(https) url to internet users. Webdispatcher takes care of SSL and only webdispatcher will do http access to portal - You are safe from internet.

For intranet users: Browser(HTTP) > Portal(HTTP)

GIve portal(http) url to internal users.

Block this http access from internet.

Thanks,

Nag

Former Member
0 Kudos

Thanks Nag for your reply, we already have this scenario, we are just going to be more secure internally.

birojpatro
Contributor
0 Kudos

Hi Mar,

You should switch your portal to https.

Cheers!!!

Biroj

Former Member
0 Kudos

Hi,

AFAIK, you need to activate HTTPS for the entire system. Activating https for specific applications is not possible.

Rgds,

Soujanya